How To Set Up a Caching DNS Server

June 16, 2008 · 13 comments · Last updated June 16, 2008

Q. How do I set up a caching DNS server to speed up DNS lookups for my LAN (500 PCs)? The DNS lookups are creating a lot of network activity. There are a few times when this causes performance issues. How do I configure caching DNS under Debian Linux?

A. Often, many users and running daemons perform a large number of DNS lookups. This can create problems for slow network connections, and the latency of each lookup can slow down the overall experience for end users. For large sites / LANs / WANs it is recommended that you set up your own caching DNS servers.

dnsmasq dns caching server

dnsmasq is a lightweight DNS, TFTP and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN. Dnsmasq accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive, DNS server.

Step # 1: Install dnsmasq

Simply, type the following command under Debian / Ubuntu Linux:
# apt-get install dnsmasq
Red Hat / Fedora / CentOS Linux users can grab the dnsmasq rpm or just enter:
# rpm -ivh http://dag.wieers.com/rpm/packages/dnsmasq/dnsmasq-2.41-1.el5.rf.x86_64.rpm

Step # 2: Configure dnsmasq

Open /etc/resolv.conf
# vi /etc/resolv.conf
Set the upstream DNS name servers, i.e. add your ISP's name servers:
nameserver 202.1.10.10
nameserver 203.2.10.10
nameserver 203.3.10.10

Save and close the file. Start the dnsmasq DNS caching server:
# /etc/init.d/dnsmasq start
Sample output:

Starting DNS forwarder and DHCP server: dnsmasq

Now test your caching server:
$ dig openbsd.nixcraft.in
Sample output:

; <<>> DiG 9.4.1-P1 <<>> openbsd.nixcraft.in
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24426
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;openbsd.nixcraft.in.           IN      A
;; ANSWER SECTION:
openbsd.nixcraft.in.    86341   IN      A       74.86.49.141
;; AUTHORITY SECTION:
nixcraft.in.            51538   IN      NS      ns1.softlayer.com.
nixcraft.in.            51538   IN      NS      ns2.softlayer.com.
;; ADDITIONAL SECTION:
ns2.softlayer.com.      222764  IN      A       66.228.119.9
ns1.softlayer.com.      220797  IN      A       66.228.118.8
;; Query time: 26 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 17 00:50:02 2008
;; MSG SIZE  rcvd: 134

Try it one more time to see caching server in action:
$ dig openbsd.nixcraft.in
; <<>> DiG 9.4.1-P1 <<>> openbsd.nixcraft.in
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46610
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;openbsd.nixcraft.in. IN A

;; ANSWER SECTION:
openbsd.nixcraft.in. 86272 IN A 74.86.49.141

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 17 00:51:11 2008
;; MSG SIZE rcvd: 53
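
An added example (not part of the original article) that checks what the two dig runs above illustrate: the host queries the local dnsmasq at 127.0.0.1 first, and the repeated lookup comes back faster from that same server. The function names, file names and sample resolv.conf contents are assumptions; the dig lines are abridged from the sample output above.

```shell
#!/bin/sh
# Added example; function and file names are hypothetical.
# Print the first nameserver listed in a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Print "<server> <query_ms> <answer_ttl>" from saved dig output.
dig_summary() {
    awk '
        /^;; .* SECTION:/ { in_answer = ($2 == "ANSWER"); next }
        in_answer && NF >= 5 { ttl = $2; in_answer = 0 }
        /^;; Query time:/  { ms = $4 }
        /^;; SERVER:/      { split($3, a, "#"); server = a[1] }
        END { print server, ms, ttl }
    ' "$1"
}

# $1 = resolv.conf, $2 = first dig output, $3 = repeated dig output.
cache_verdict() {
    ns=$(first_nameserver "$1")
    read -r srv1 ms1 ttl1 <<EOF
$(dig_summary "$2")
EOF
    read -r srv2 ms2 ttl2 <<EOF
$(dig_summary "$3")
EOF
    if [ "$ns" != "127.0.0.1" ]; then
        echo "bypass: resolv.conf queries $ns first"
    elif [ "$srv2" != "127.0.0.1" ]; then
        echo "bypass: answered by $srv2"
    elif [ "$ms2" -lt "$ms1" ] && [ "$ttl2" -le "$ttl1" ]; then
        echo "cached: ${ms1}ms -> ${ms2}ms, TTL aged $((ttl1 - ttl2))s"
    else
        echo "not-cached: ${ms1}ms -> ${ms2}ms"
    fi
}

# Constructed sample inputs; dig lines abridged from the output above.
tmp=$(mktemp -d)
printf 'nameserver 202.1.10.10\nnameserver 203.2.10.10\n' > "$tmp/isp_only.conf"
printf 'nameserver 127.0.0.1\nnameserver 202.1.10.10\n' > "$tmp/local_first.conf"
printf '%s\n' ';; ANSWER SECTION:' 'openbsd.nixcraft.in. 86341 IN A 74.86.49.141' \
    ';; Query time: 26 msec' ';; SERVER: 127.0.0.1#53(127.0.0.1)' > "$tmp/first.txt"
printf '%s\n' ';; ANSWER SECTION:' 'openbsd.nixcraft.in. 86272 IN A 74.86.49.141' \
    ';; Query time: 0 msec' ';; SERVER: 127.0.0.1#53(127.0.0.1)' > "$tmp/repeat.txt"

cache_verdict "$tmp/local_first.conf" "$tmp/first.txt" "$tmp/repeat.txt"
cache_verdict "$tmp/isp_only.conf" "$tmp/first.txt" "$tmp/repeat.txt"
```

A TTL that keeps counting down is consistent with a cached copy, but an upstream cache would show the same, so the verdict rests on the SERVER line and the drop in query time.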

Step # 3: Optional dnsmasq configuration

The default configuration file is located at /etc/dnsmasq.conf. By default it works out of the box; however, the configuration file offers more options. It is possible to use dnsmasq to block Web advertising by using a list of known banner-ad servers, all resolving to 127.0.0.1 or 0.0.0.0. It is also possible to redirect local LAN mail traffic to a central mail hub server. Please refer to the dnsmasq man page for all advanced configuration options.
$ man dnsmasq
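
An added example (not from the original article) of the ad-blocking setup mentioned above: it turns a hosts-style list of banner-ad servers into dnsmasq address= lines, dropping localhost entries, duplicates and names that are not valid hostnames. The function names and the .example hostnames are constructed placeholders.

```shell
#!/bin/sh
# Added example; function names and the sample list are hypothetical.

# Read hosts-format lines ("<ip> <name> [<name>...]") on stdin and print one
# dnsmasq address= line per unique, valid hostname.
# $1 = address to answer with (127.0.0.1 by default, or 0.0.0.0).
blocklist_to_dnsmasq() {
    sink=${1:-127.0.0.1}
    awk -v sink="$sink" '
        { sub(/#.*/, "") }          # strip comments
        NF < 2 { next }             # need an address and at least one name
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                # leave localhost names alone
                if (name == "localhost" || name ~ /^localhost\./) continue
                # letters, digits, hyphens and dots only, so that no "/"
                # or stray text ends up inside the generated option
                if (name !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) continue
                if (!seen[name]++) print "address=/" name "/" sink
            }
        }
    '
}

# Constructed sample blocklist.
sample_list() {
    cat <<'EOF'
# constructed sample blocklist
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 banner.example.net  # inline comment
0.0.0.0 ADS.example.com
0.0.0.0 bad/name.example
EOF
}

sample_list | blocklist_to_dnsmasq 0.0.0.0
```

An address=/name/ip line answers for the name and for every subdomain beneath it, so keep list entries as specific as the block you intend. After adding the generated lines to /etc/dnsmasq.conf, dnsmasq --test syntax-checks the file before you restart the service.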

13 comments

1 Binny V A January 19, 2009 at 7:09 pm

Shouldn’t you add
nameserver 127.0.0.1
to ‘/etc/resolve.conf’ for this to work?

Another thing – yum install dnsmasq works fine (I tested it in Fedora 8)

2 Binny V A January 19, 2009 at 7:10 pm

Fedora 8 – that smile was inserted by WP without my permission ;-)

3 Norman T March 13, 2009 at 12:10 am

I had the same question as Binny … how does the local server know to use the dnsmasq service before hitting the upstream servers if you don’t modify /etc/resolv.conf?

I could see this working for other systems on a local network, but for the server running dnsmasq itself, where does the cache come in? Thanks for any help!

4 commonsense April 6, 2010 at 9:27 am

dnsmasq is OK. It sits between the user and the recursor; but it won’t dump the cache for backups (see a program called “pdns”, not PowerDNS, for that).

dnsmasq can read from /etc/hosts which is good. But have a look at a program called nsd.

This is the way it should be done. The recursive lookup and authoritative answer functions should be separate programs. It should have been this way from the beginning. But common sense does not always prevail.

nsd just serves up DNS records. That’s all it does. It’s fast.

It has a utility to convert BIND-style zone files into the binary format that nsd can read. In theory this should speed up performance. nsd is fast. And having an nsd database of DNS info is nice reassurance.

5 Rocky September 15, 2010 at 6:50 am

Hi,

For a caching DNS server, is dnsmasq better or bind (named)?

Regards,
ROcky

6 Dharma September 26, 2011 at 5:59 pm

In /etc/resolv.conf the first nameserver must be 127.0.0.1 to make it work, as DNS requests are cached by localhost.

7 Tanner Williamson March 3, 2012 at 1:20 am

While this article is for Debian, I wanted to point out that for CentOS 6 dnsmasq is an official package and you don’t need to use the Dag repository.

8 pradeep August 30, 2012 at 8:24 am

It's very helpful. My problem has been solved by using this solution. Many, many thanks for this post.

9 Lol October 15, 2012 at 2:33 am

Hi,
I get public IP 202.111.0.3/28 from my ISP.
Now I want to configure my own DNS server to connect to the internet.
My question is: can I build a DNS server to browse the internet without IP forwarders from the ISP?
Thanks

10 bluecon July 18, 2013 at 4:10 am

Thank you.

11 Hai August 28, 2014 at 10:14 am

I have installed bind9. Can I use bind9 as a caching DNS?

12 Hai August 28, 2014 at 10:15 am

my LAN (20 PC)

13 Per October 13, 2014 at 12:40 pm

Yes. It’s actually configured as a caching server out of the box.
